Symantec Radius VIP Two Factor Authentication (2FA) does not Work on GlobalProtect

Symantec Radius VIP Two Factor Authentication (2FA) does not Work on GlobalProtect

9074
Created On 09/25/18 19:54 PM - Last Updated 02/08/19 00:05 AM


Resolution

Issue

Symantec Radius VIP two factor authentication (2FA) is not working on GlobalProtect, though it is working normally on other devices.

 

Cause

Symantec Radius VIP two factor authentication (2FA) was configured on both GlobalProtect Portal and GlobalProtect Gateway authentication profiles. However, Symantec Radius VIP is considered as a one time password (OTP).

 

Resolution

For the GlobalProtect Portal configuration:

  1. Go to Network > GlobalProtect > Portal
  2. Select the appropriate Portal and go to the Authentication section under the Portal Configuration tab
  3. For Authentication Profile, select your configured LDAP Profile

 

For the GlobalProtect Gateway configuration:

  1. Go to Network > GlobalProtect > Gateway
  2. Select the appropriate Gateway and go to the Authentication section under the General tab
  3. For Authentication Profile, select your configured Radius Symantec VIP Profile

When configured as described above:

  • First login prompt (GlobalProtect Portal) will require Username and corresponding LDAP password. The GlobalProtect client will use the saved settings so the first login is performed in the background.
  • Second login prompt (GlobalProtect Gateway) will require the Symatec VIP Secure Password.

Note: GlobalProtect Portal could be configured with a kerberos or LDAP authentication profile in conjunction with the SSO feature of GP. The client can transparently connect and authenticate to the portal, download the configuration, and then prompt for the user's one time password when establishing the tunnel with the Gateway. In this scenario, the Gateway would use RADIUS based authentication profile that ties into the OTP solution.

 

Symantec Radius VIP Two Factor Authentication (2FA) does not Work on GlobalProtect Generated on 2015-09-01-07:00 2

 

owner: jlunario



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhACAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language